IPsec Security Levels

What are security bits?

VPN Problem:

What is the most secure VPN cryptographic algorithm?  What is the best practice for choosing IPsec security strength?

Solution:

Use the NIST Key Management methodology (SP 800-57) to determine IPsec security strength, and pick every algorithm in the tunnel from the same strength level.

Key Management

The National Institute of Standards and Technology (NIST) publishes up-to-date guidance for choosing appropriate VPN ciphers in Special Publication 800-57, Recommendation for Key Management.  It rates the effectiveness of different cryptographic algorithms on a single scale so that they can be compared.

Security Strength 

Security strength is the Key Management measure of how well a cryptographic algorithm resists the best known attacks.  It is a point-in-time estimate: new or improved attacks can lower an algorithm's rating, so the equivalences below may change in the future.

Security strength is expressed in bits of security, which is not the same thing as key length.  For example, a 1024-bit RSA key provides only 80 bits of security, while a 256-bit elliptic-curve key provides 128.

Different algorithms can share the same security strength level (Table 1).  Best practice is to pick every algorithm in a tunnel, the IKE proposal and the ESP transform set alike, from the same level, because the effective strength of the tunnel is that of its weakest component: a single deprecated algorithm drags the whole security target down to its level.

IPsec Cipher Assessment

Use Key Management security strength assessments to choose the IKEv2 and L2TP/IPsec proposals for a VPN.  Read the security-bit levels as follows:

  • 89 security bits (e.g., DH group 5) are within reach of known attacks and sit below NIST's 112-bit minimum for new deployments; avoid.
  • 103 security bits (e.g., DH group 14 by the conservative estimate in Table 2) are not vulnerable to known attacks for now, but expect this level to be downgraded in the near future (months or years).
  • 128 security bits are not vulnerable to known attacks and should remain secure for the near future.
  • 192 security bits are not vulnerable to known attacks and should remain secure for the long term (years).
Cisco calls the 192-bit level Next Generation Encryption (NGE).  It is reached with elliptic-curve Diffie-Hellman rather than ever-larger MODP groups: DH group 20 (384-bit ECP) provides 192 bits of security, equivalent to a 7680-bit MODP exchange, at a fraction of the CPU cost.  DH group 19 (256-bit ECP) is the 128-bit equivalent of a 3072-bit MODP exchange, not a 192-bit group.
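As an added example (this is not code from the original post), here is the weakest-link rule from the bullets above and from the "match similar security strength" advice turned into a small checker: it parses a strongSwan-style "enc-integ-dh" proposal string such as aes256-sha384-ecp384, looks each transform up in bits-of-security tables that follow NIST SP 800-57 and the tables below, and reports the minimum together with the components that cause it.  The transform names, the values for groups NIST does not list (modp1536 = 89, modp4096 = 140, taken from this page's estimates), and the function names are this example's own assumptions.

```python
# Added example, not from the original post: rate an IKE/ESP proposal by its
# weakest component ("one weak algorithm drags down the whole tunnel").
# Bits-of-security values follow NIST SP 800-57; where NIST gives no value
# (modp1536, modp4096) the page's estimates (89, 140) are used.  Proposal
# strings use the strongSwan "enc-integ-dh" convention; the table and
# function names are this example's own.

# Key exchange: DH/ECDH group -> bits of security.
DH_BITS = {
    "modp1024": 80,    # DH group 2
    "modp1536": 89,    # DH group 5  (estimate; NIST does not list 1536)
    "modp2048": 112,   # DH group 14 (NIST: 112)
    "modp3072": 128,   # DH group 15
    "modp4096": 140,   # DH group 16 (interpolated estimate, not 192)
    "ecp256": 128,     # DH group 19, equivalent to 3072-bit MODP
    "ecp384": 192,     # DH group 20, equivalent to 7680-bit MODP
    "ecp521": 256,     # DH group 21, equivalent to 15360-bit MODP
}

# Encryption: the symmetric key size is the security strength.
# 3DES is capped at 112 bits by NIST regardless of its 168-bit key.
ENC_BITS = {
    "3des": 112, "aes128": 128, "aes192": 192, "aes256": 256,
    "aes128gcm16": 128, "aes256gcm16": 256,   # AEAD: no separate integrity
}

# Integrity (keyed HMAC): HMAC-SHA-1 tops out at 128 bits; MD5 is below
# every level considered here.
INTEG_BITS = {"md5": 64, "sha1": 128, "sha256": 256, "sha384": 256, "sha512": 256}

# Certificate: RSA modulus -> bits of security.  4096 is the page's
# ~140-bit estimate; NIST lists 1024/2048/3072/7680/15360 only.
RSA_BITS = {1024: 80, 2048: 112, 3072: 128, 4096: 140, 7680: 192, 15360: 256}


def assess(bits):
    """Map bits of security to the page's qualitative scale."""
    if bits < 100:
        return "Bad"        # 80- and 89-bit rows
    if bits < 128:
        return "Good"       # 103- and 112-bit rows
    if bits < 192:
        return "Better"
    return "Best"


def rate_proposal(proposal, rsa_modulus=None):
    """Return (effective_bits, assessment, weakest_components).

    proposal    -- strongSwan-style string, e.g. "aes128-sha1-modp2048"
    rsa_modulus -- RSA key size of the peer certificate, or None for PSK
    The effective strength is the minimum over all components, because an
    attacker only needs to break the weakest one.
    """
    strengths = {}
    for part in proposal.lower().split("-"):
        if part in ENC_BITS:
            strengths["enc:" + part] = ENC_BITS[part]
        elif part in INTEG_BITS:
            strengths["integ:" + part] = INTEG_BITS[part]
        elif part in DH_BITS:
            strengths["dh:" + part] = DH_BITS[part]
        else:
            raise ValueError(f"unknown transform {part!r}")
    if rsa_modulus is not None:
        strengths[f"rsa:{rsa_modulus}"] = RSA_BITS[rsa_modulus]
    effective = min(strengths.values())
    weakest = sorted(name for name, bits in strengths.items() if bits == effective)
    return effective, assess(effective), weakest


if __name__ == "__main__":
    # The page's "192-bit" row as written (DH 16 + RSA 4096) versus a
    # genuinely 192-bit configuration (DH 20 + RSA 7680).
    for prop, rsa in [("aes128-sha1-modp1536", None),
                      ("aes256-sha384-modp4096", 4096),
                      ("aes256-sha384-ecp384", 7680),
                      ("aes256gcm16-ecp384", None)]:
        bits, verdict, weak = rate_proposal(prop, rsa)
        print(f"{prop:24s} rsa={rsa}: {bits:3d} bits ({verdict}); weakest {weak}")
```

Running the block shows that the AES-256/SHA-384 proposal with DH group 16 and a 4096-bit certificate is held to 140 bits by the key exchange and the certificate, while swapping in ECP-384 and a 7680-bit (or 384-bit ECDSA) certificate gives the full 192.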




Table 1
VPN Security Strength

Security    DH     RSA     IKE       IKE                ESP       ESP HMAC         Assessment***
Strength    Group  Key     Encrypt.  Hash               Encrypt.  Hash
80-bit      5      1024    AES-128   SHA-1              AES-128   SHA-1            Bad
89-bit      5      2048    AES-128   SHA-1/SHA-256      AES-128   SHA-1/SHA-256    Bad
103-bit     14     2048    AES-128   SHA-1/SHA-256      AES-128   SHA-1/SHA-256    Good
128-bit     15     3072    AES-128   SHA-256/SHA-384    AES-128   SHA-1/SHA-256    Better
192-bit*    16**   4096**  AES-256   SHA-256**/SHA-384  AES-256   SHA-1**/SHA-256  Best

Note:  Elliptic-curve DH groups are omitted from this table for simplicity.  DH group 19 (256-bit ECP) provides 128 bits of security, equivalent to a 3072-bit MODP exchange; DH group 20 (384-bit ECP) provides 192 bits, equivalent to a 7680-bit MODP exchange (see Table 2).
*The 192-bit security level requires a 7680-bit RSA key (or a 384-bit ECDSA key).  Many systems do not support 7680-bit RSA.
**Security level mismatch.  A 4096-bit modulus, whether RSA or DH group 16, provides about 140 bits of security, not 192, and SHA-1 as an HMAC and SHA-256 as a hash-only (signature) algorithm both fall short of 192 bits (Table 5).  Any one of these mismatches caps the effective strength of the whole row at the weaker value.
***The assessment column is not official NIST Key Management.  It is this author's independent qualitative interpretation derived from NIST Key Management.


Table 2
Diffie-Hellman (DH) Security Strength Levels

DH Group      DH Key            Security Strength (bits of security)
DH5           1536-bit MODP     89   (estimate; NIST does not list 1536-bit and it is below the 112-bit minimum)
DH14          2048-bit MODP     103  (conservative estimate; NIST SP 800-57 rates 2048-bit at 112, the same as RSA-2048 in Table 4)
DH15          3072-bit MODP     128
DH16          4096-bit MODP     ~140 (not 192; 192 bits needs a 7680-bit MODP, and no IKE group has that size: group 17 is 6144-bit, group 18 is 8192-bit)
DH19 (ECP)    256-bit curve     128  (equivalent to a 3072-bit MODP exchange)
DH20 (ECP)    384-bit curve     192  (equivalent to a 7680-bit MODP exchange)




Table 3
Encryption Security Strength Levels

AES        AES Key     Security Strength (bits of security)
AES-128    128-bit     128
AES-256    256-bit     256


Table 4
RSA Security Strength

Certificate    RSA Key        Equivalent Symmetric Strength
RSA            1024-bit       80-bit
RSA            2048-bit       112-bit
RSA            3072-bit       128-bit
RSA            4096-bit       140-bit*
RSA            7680-bit       192-bit
RSA            15360-bit**    256-bit

 *NIST gives no value for a 4096-bit key; about 140 bits by interpolation.
RSA 4096 offers only a marginal 28-bit increase over RSA 2048.
**A 15360-bit key is impractically slow and widely unsupported.  For 128-bit strength use a 3072-bit RSA key; for 192 bits or more, a 384-bit or larger elliptic-curve key is the practical choice.


Table 5
Hash Security Strength

Security Strength       Hash-only (e.g., signatures)     HMAC
(bits of security)
80                      SHA-1, SHA-256, SHA-512          SHA-1, SHA-256, SHA-512
112                     SHA-256, SHA-384, SHA-512        SHA-1, SHA-256, SHA-512
128                     SHA-256, SHA-384, SHA-512        SHA-1, SHA-256, SHA-512
192                     SHA-384, SHA-512                 SHA-256, SHA-384, SHA-512
256                     SHA-512                          SHA-256, SHA-384, SHA-512

Note: The hash security level depends on how the hash is used (bare hash in a signature versus keyed HMAC) and on the minimum strength the scheme requires.  The same digest earns more strength as an HMAC than as a bare hash because HMAC does not rely on collision resistance, which is why HMAC-SHA-1 still rates 128 bits while hash-only SHA-1 rates 80.


That's it!


References:
https://www.nist.gov/
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
http://infosecurity.ch/20100926/not-every-elliptic-curve-is-the-same-trough-on-ecc-security/





2 Comments

  1. Thanks for sharing this superb article. I use this article to show my assignment in college. It is useful for me. Great work. best vpn

  2. The rapid increase in the crime rates has made it more important for everyone to have advanced security systems. Locksmith near me